CVE-2020-15670

CWE-362Race ConditionCWE-416Use After FreeCWE-617Reachable AssertionCWE-763CWE-120Classic Buffer Overflow14 documents9 sources
Severity
8.8HIGH
EPSS
0.4%
top 40.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Mozilla FirefoxMozilla Firefox ESRMozilla Firefox FOR Android+1 more
Timeline
PublishedOct 1
Latest updateMay 24

Description

Mozilla developers reported memory safety bugs present in Firefox for Android 79. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 80, Firefox ESR < 78.2, Thunderbird < 78.2, and Firefox for Android < 80.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages9 packages

CVEListV5mozilla/firefox_for_androidunspecified80
CVEListV5mozilla/firefoxunspecified80
NVDmozilla/firefox< 80.0
CVEListV5mozilla/firefox_esrunspecified78.2

🔴Vulnerability Details

5
GHSA
GHSA-j4ww-v8q8-vr74: Mozilla developers reported memory safety bugs present in Firefox for Android 792022-05-24
CVEList
CVE-2020-15670: Mozilla developers reported memory safety bugs present in Firefox for Android 792020-10-01
OSV
firefox regressions2020-09-03
OSV
firefox vulnerabilities2020-08-26
OSV
CVE-2020-15670: Mozilla developers reported memory safety bugs present in Firefox for Android 792020-08-26

📋Vendor Advisories

7
Ubuntu
Firefox vulnerabilities2020-08-26
Red Hat
Mozilla: Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.22020-08-25
Debian
CVE-2020-15670: firefox - Mozilla developers reported memory safety bugs present in Firefox for Android 79...2020
Mozilla
Mozilla Foundation Security Advisory 2020-39: CVE-2020-15670
Mozilla
Mozilla Foundation Security Advisory 2020-36: CVE-2020-15670

💬Community

1
Bugzilla
CVE-2020-15670 Mozilla: Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.22020-08-26
CVE-2020-15670 (HIGH CVSS 8.8) | Mozilla developers reported memory | cvebase.io